<div><br>In both vpn servers you have the same .conf file??</div>
<div> </div>
<div>Or one with left configuration: left -> local, reight -> remote,</div>
<div>and the other: left-> remote, right->local??</div>
<div> </div>
<div> </div>
<div>in vpn1 server, .conf file:</div>
<div> </div>
<div> left=private external ip</div>
<div> leftid=@private external ip</div>
<div> leftsubnet=ip_lan1<br> leftnexthop=ip_private r1 (may not be needed in new version)<br> right=ip_public remote<br> <a href="mailto:rightid=@ private">rightid=@ private</a> external ip of server 2
<br> rightsubnet=ip_lan2<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.1.0/24" target="_blank"></a><br> authby=secret<br> auto=start<br> </div>
<div> </div>
<div>in vpn2 server, .conf file:</div>
<div> </div>
<div> left=ip_public remote</div>
<div> leftid=@<u><font color="#0000ff">private</font></u> external ip of server 1</div>
<div> leftsubnet=ip_lan1<br> right=private external ip <br> <a href="mailto:rightid=@ private">rightid=@ private</a> external ip</div>
<div> rightsubnet=ip_lan2<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.1.0/24" target="_blank"></a></div>
<div> rightnexthop=ip_private r2<br> authby=secret<br> auto=start<br> </div>
<div>Am I wrong??</div>
<div> </div>
<div>Xavi.</div>
<div> </div>
<div><br> </div>
<div><span class="gmail_quote">2007/3/8, Utkarsh Shah <<a href="mailto:utkarsh@elitecore.com">utkarsh@elitecore.com</a>>:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: #ccc 1px solid">
<div text="#000000" bgcolor="#ffffff">left=privateip and right =public ip is correct.<br>and on your adsl router you have to make few rules like<br>anything comming on router's public ip <br> on UDP port 500 or port 4500 should be redirected to your vpn server's private ip which is behind your adsl router
<br> and proto ESP should be redirected to your vpn server's private ip which is behind your adsl router<br>this are the rules you have to apply on both adsl routers.<br><br>eg. <br> source=any<br> destination=router1's public ip
<br> protocol UDP<br> port 500/4500<br> forward it to vpnserver1's private ip<br>same way at other end<br><br>and i think on adsl router you might have facility to disable passthrough of vpn or ipsec<br>and can make a rule to redirect ipsec/vpn service to a desired destination
<div><span class="e" id="q_1112fe55a340a835_1"><br><br>Regards,<br>Utkarsh Shah<br><br>Xavi Deop wrote:
<blockquote cite="http://mid22fa9c0b0703071012id25aecame4b9b0c95f481182@mail.gmail.com" type="cite">
<div> </div>
<div>Is this correct??</div>
<div> </div>
<div>If in vpn server1 we have: left=private ip; right= public ip.</div>
<div> </div>
<div>Shouldnt we had in vpn server: left=public ip; right= private ip ?????</div>
<div> </div>
<div>Thanks.</div>
<div> </div>
<div>Xavi.<br><br> </div>
<div><span class="gmail_quote">2007/3/7, Utkarsh Shah <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:utkarsh@elitecore.com" target="_blank">utkarsh@elitecore.com</a>>:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid">
<div text="#000000" bgcolor="#ffffff">assuming "ip1_1 ip1_2" is vpnserver1 and another is vpnserver2<br><br>at vpnserver1<br>conn vpnserver1-to-vpnserver2<br> left=ip1_2<br> leftid=@ip1_2<br> leftsubnet=ip_lan1
<br> leftnexthop=ip_r1 (may not be needed in new version)<br> right=ip_pub2<br> rightid=@ip2_2<br> rightsubnet=ip_lan2<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.1.0/24" target="_blank">
</a><br> authby=secret<br> auto=start<br><br>at vpnserver2<br>conn vpnserver2-to-vpnserver1<br> left=ip2_2<br> leftid=@ip2_2<br> leftsubnet=ip_lan2<br> leftnexthop=ip_r2 (may not be needed in new version)
<br> right=ip_pub1<br> rightid=@ip1_1<br> rightsubnet=ip_lan1<br> authby=secret<br> auto=start<br><br><br>Regards,<br><span>Utkarsh Shah</span>
<div><span><br><br>Xavi Deop wrote:
<blockquote cite="http://mid22fa9c0b0703070144j4515a2eeg9e6465e30fb3ca22@mail.gmail.com" type="cite">
<div>Hi, thanks for your replies!!</div>
<div> </div>
<div>I'm a bit confused with the addresses, sorry...</div>
<div> </div>
<div>I have 2 ethernets in my vpn servers.</div>
<div> </div>
<div>This configuration file sample, is for one of the vpn servers, that's right? For the otherone, there should be changes, no??</div>
<div> </div>
<div>if my scenario had:<br> </div>
<div>LAN_1 ------ vpn server --- router adsl ------ internet---- router adsl ------- vpn server ----- LAN_2</div>
<div>ip_lan1 ip1_1 ip1_2 ip_r1 ip_pub1 ip_pub2 ip_r2 ip2_2 ip2_1 ip_lan2</div>
<div> </div>
<div>how would it be the configuration?</div>
<div> </div>
<div>what is: @leftid @rightid?? which addresses should be?</div>
<div> </div>
<div>Thanks in advance!</div>
<div> </div>
<div>Xavi.</div>
<div> </div>
<div><span class="gmail_quote">2007/3/7, Utkarsh Shah <<a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:utkarsh@elitecore.com" target="_blank">utkarsh@elitecore.com</a>>:</span>
<blockquote class="gmail_quote" style="PADDING-LEFT: 1ex; MARGIN: 0px 0px 0px 0.8ex; BORDER-LEFT: rgb(204,204,204) 1px solid"><br>> Hi, I have the following scenario, and I would like to create a vpn with<br>> natt suport.
<br>><br>> LAN_1 ------ vpn server --- router adsl ------ internet---- router adsl<br>> ----- vpn server ----- LAN_2<br>><br>> I've installed:<br>> openswan-2.4.7.tar.gz<<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.openswan.org/download/openswan-2.4.7.tar.gz" target="_blank">
http://www.openswan.org/download/openswan-2.4.7.tar.gz</a>><br>><br>> I'm working with slackware 10.1 and kernel 2.16.12<br>><br>> I have to install the kernell natt patch??<br>><br>> Could someone help me with
ipsec.conf file? I've been searching the internet<br>> without any result...<br>><br>> Thanks.<br>><br>> Xavi<br>i have achieved above scenario with following changes it might not be<br>perfect solution...
<br>on adsl router apply portforwarding rules for UDP port 500 port 4500 and<br>proto esp(50) to your vpn server on both end<br><br>configure your ipsec.conf as below<br><br>conn net-to-net<br> left=<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://10.0.1.2/" target="_blank">
10.0.1.2</a><br> leftid=@leftid<br> leftsubnet=<a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.0.0/24" target="_blank">192.168.0.0/24</a><br> right=remoteserver(domain name or ip which will identify adsl router)
<br> rightid=@rightid<br> rightsubnet= <a onclick="return top.js.OpenExtLink(window,event,this)" href="http://192.168.1.0/24" target="_blank">192.168.1.0/24</a><br> authby=secret<br> auto=start<br>
<br>and your ipsec.secret as<br><br>@leftid @rightid : PSK "your preshared key"<br><br><br><br>Regards,<br>Utkarsh Shah <br>_______________________________________________<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="mailto:Users@openswan.org" target="_blank">
Users@openswan.org</a><br><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://lists.openswan.org/mailman/listinfo/users" target="_blank">http://lists.openswan.org/mailman/listinfo/users </a><br>Building and Integrating Virtual Private Networks with Openswan:
<br><a onclick="return top.js.OpenExtLink(window,event,this)" href="http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155" target="_blank">http://www.amazon.com/gp/product/1904811256/104-3099591-2946327?n=283155
</a><br></blockquote></div><br></blockquote><br></span></div></div></blockquote></div><br></blockquote><br></span></div></div></blockquote></div><br>